Creating Strong Passwords

2011-04-02

It can be really frightening to find out how simple the passwords people use are. Not only are they very simple, but there are also many people who would give away their password just by being asked. Getting people not to give away their passwords is an entirely different problem: it doesn't matter how good the password is if the owner doesn't keep it a secret. In this article, I will talk briefly about how to create good passwords that are hard to guess and that take a long time to find through a brute force attack.

The goal is to have a password that is as impersonal as possible, so that nobody is able to guess the whole password or parts of it. You shouldn't use your name, phone number, address, pet names, names of acquaintances, your car's registration number and so on. Other people can easily get hold of that information. You also shouldn't use any of the most commonly used passwords. Here is a link to a list of the most common passwords.

It's best to use as large a character set as possible when making a password. This makes the password harder to guess, and it takes longer to find with a brute force attack. Ideally, you should use numbers, uppercase and lowercase letters and special characters. Below is a table showing how many different passwords can be created from a given number of characters for different character sets.

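Columns: number of characters per character set. Rows: number of characters used.

| Number of characters used | 10 | 36 | 62 | 100 |
|---|---|---|---|---|
| 1 | 10 | 36 | 62 | 100 |
| 2 | 100 | 1296 | 3844 | 10000 |
| 3 | 1000 | 46656 | 238328 | 1000000 |
| 4 | 10000 | 1679616 | 14776336 | 1E+08 |
| 5 | 100000 | 60466176 | 916132832 | 1E+10 |
| 6 | 1000000 | 2176782336 | 56800235584 | 1E+12 |
| 7 | 10000000 | 78364164096 | 3.52161E+12 | 1E+14 |
| 8 | 100000000 | 2.82111E+12 | 2.1834E+14 | 1E+16 |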

Ideally, you should have a pretty long password, with an absolute minimum of eight characters, which are selected randomly. I made a simple JavaScript you can use to randomize passwords, here is the link. Longer randomized passwords can be difficult to remember because they have no meaning to the owner. One method that can be used is to choose a text passage or quote that you can remember and turn it into a password, for example by selecting the first letter of each word and replacing some words with numbers and symbols. For example, the quote “Be nice to nerds. Chances Are You’ll end up working for one” can become “Bntn.Cayeuw41”. It may not be as good as a randomly selected password, but it’ll be harder to guess and it’s pretty easy to remember. Another option that is also pretty good is to choose one long word or a few short words, write them together, and replace some lowercase letters with uppercase letters and some letters with numbers. This is also known as Leetspeak. For example, the words “web development” can become “W3bD3v3l0pm3n7”. So for now, make sure your passwords are good and keep them to yourself.
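As an added example (not the script linked above, which is not reproduced on this page), the following JavaScript draws a random password with a cryptographically secure generator and computes the exact password counts behind the table. The names `SETS`, `keyspace`, `randomIndex` and `generatePassword`, and the choice of 28 special characters, are assumptions made for this example.

```javascript
// Added example, not the author's script. Runs in browsers and in Node.js.
// Math.random() is predictable and must not be used for passwords; use the
// Web Crypto generator (global in browsers and recent Node.js versions).
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;

// Character sets (the selection of special characters is an assumption).
const SETS = {
  digits: '0123456789',
  lower: 'abcdefghijklmnopqrstuvwxyz',
  upper: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
  special: '!#$%&()*+,-./:;<=>?@[]^_{|}~',
};

// Number of possible passwords: setSize ** length, exact thanks to BigInt.
function keyspace(setSize, length) {
  return BigInt(setSize) ** BigInt(length);
}

// Uniform integer in [0, n). Values above the largest multiple of n are
// rejected, because a plain "value % n" would favour the low indexes.
function randomIndex(n) {
  const limit = Math.floor(0x100000000 / n) * n;
  const buf = new Uint32Array(1);
  do {
    rng.getRandomValues(buf);
  } while (buf[0] >= limit);
  return buf[0] % n;
}

// Build a password of the given length from the selected character sets.
function generatePassword(length, setNames = Object.keys(SETS)) {
  if (!Number.isInteger(length) || length < 8) {
    throw new RangeError('use at least eight characters');
  }
  const alphabet = setNames.map((name) => {
    if (!(name in SETS)) throw new RangeError('unknown character set: ' + name);
    return SETS[name];
  }).join('');
  let password = '';
  for (let i = 0; i < length; i++) {
    password += alphabet[randomIndex(alphabet.length)];
  }
  return password;
}
```

Calling `generatePassword(16)` draws from all 90 characters in `SETS`, and `keyspace(62, 8)` gives the exact value that the table rounds to 2.1834E+14.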